yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'dev/v5.0' into fix-merge-conflict-master-to-5.0

This commit is contained in:
Zaiming Shi 2021-03-01 19:58:16 +01:00 committed by GitHub
parent 990b7bd494 23269c13bc
commit 5edef84332
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
57 changed files with 404 additions and 431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/run_cts_tests.yaml vendored
View File

@ -79,7 +79,7 @@ jobs:
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-mongo-tls.yaml up -d
cat <<-EOF >> "$GITHUB_ENV"
EMQX_AUTH__MONGO__SSL=on
EMQX_AUTH__MONGO__SSL__ENABLE=on
EMQX_AUTH__MONGO__CACERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
EMQX_AUTH__MONGO__CERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
EMQX_AUTH__MONGO__KEYFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
@ -90,7 +90,7 @@ jobs:
if: matrix.connect_type == 'tcp'
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-mongo.yaml up -d
echo EMQX_AUTH__MONGO__SSL=off >> "$GITHUB_ENV"
echo EMQX_AUTH__MONGO__SSL__ENABLE=off >> "$GITHUB_ENV"
- name: setup
if: matrix.network_type == 'ipv4'
run: |
@ -137,7 +137,7 @@ jobs:
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-mysql-tls.yaml up -d
cat <<-EOF >> "$GITHUB_ENV"
EMQX_AUTH__MYSQL__SSL=on
EMQX_AUTH__MYSQL__SSL__ENABLE=on
EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
EMQX_AUTH__MYSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
@ -148,7 +148,7 @@ jobs:
if: matrix.connect_type == 'tcp'
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-mysql.yaml up -d
echo EMQX_AUTH__MYSQL__SSL=off >> "$GITHUB_ENV"
echo EMQX_AUTH__MYSQL__SSL__ENABLE=off >> "$GITHUB_ENV"
- name: setup
if: matrix.network_type == 'ipv4'
run: |
@ -201,7 +201,7 @@ jobs:
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d
cat <<-EOF >> "$GITHUB_ENV"
EMQX_AUTH__PGSQL__SSL=on
EMQX_AUTH__PGSQL__SSL__ENABLE=on
EMQX_AUTH__PGSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt
EOF
- name: setup
@ -210,7 +210,7 @@ jobs:
if: matrix.connect_type == 'tcp'
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql.yaml up -d
echo EMQX_AUTH__PGSQL__SSL=off >> "$GITHUB_ENV"
echo EMQX_AUTH__PGSQL__SSL__ENABLE=off >> "$GITHUB_ENV"
- name: setup
if: matrix.network_type == 'ipv4'
run: |
@ -264,7 +264,7 @@ jobs:
set -exu
docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}-tls.yaml up -d
cat <<-EOF >> "$GITHUB_ENV"
EMQX_AUTH__REDIS__SSL=on
EMQX_AUTH__REDIS__SSL__ENABLE=on
EMQX_AUTH__REDIS__SSL__CACERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
EMQX_AUTH__REDIS__SSL__CERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
EMQX_AUTH__REDIS__SSL__KEYFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
@ -275,7 +275,7 @@ jobs:
if: matrix.connect_type == 'tcp'
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}.yaml up -d
echo EMQX_AUTH__REDIS__SSL=off >> "$GITHUB_ENV"
echo EMQX_AUTH__REDIS__SSL__ENABLE=off >> "$GITHUB_ENV"
- name: get server address
if: matrix.connect_type == 'tcp' || (matrix.connect_type == 'tls' && matrix.redis_tag != '5')
run: |

24
apps/emqx_auth_http/etc/emqx_auth_http.conf
View File

@ -7,7 +7,7 @@
## Value: URL
##
## Examples: http://127.0.0.1:80/mqtt/auth, https://[::1]:80/mqtt/auth
auth.http.auth_req.url = http://127.0.0.1:80/mqtt/auth
auth.http.auth_req.url = "http://127.0.0.1:80/mqtt/auth"
## HTTP Request Method for Auth Request
##
@ -18,7 +18,7 @@ auth.http.auth_req.method = post
## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
##
## Examples: auth.http.auth_req.headers.accept = */*
auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded
auth.http.auth_req.headers.content-type = "application/x-www-form-urlencoded"
## Parameters used to construct the request body or query string parameters
## When the request method is GET, these parameters will be converted into query string parameters
@ -35,14 +35,14 @@ auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded
## - %d: subject of client TLS cert
##
## Value: <K1>=<V1>,<K2>=<V2>,...
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
auth.http.auth_req.params = "clientid=%c,username=%u,password=%P"
## HTTP URL API path for SuperUser Request
##
## Value: URL
##
## Examples: http://127.0.0.1:80/mqtt/superuser, https://[::1]:80/mqtt/superuser
auth.http.super_req.url = http://127.0.0.1:80/mqtt/superuser
auth.http.super_req.url = "http://127.0.0.1:80/mqtt/superuser"
## HTTP Request Method for SuperUser Request
##
@ -53,7 +53,7 @@ auth.http.super_req.method = post
## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
##
## Examples: auth.http.super_req.headers.accept = */*
auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
auth.http.super_req.headers.content-type = "application/x-www-form-urlencoded"
## Parameters used to construct the request body or query string parameters
## When the request method is GET, these parameters will be converted into query string parameters
@ -70,14 +70,14 @@ auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
## - %d: subject of client TLS cert
##
## Value: <K1>=<V1>,<K2>=<V2>,...
auth.http.super_req.params = clientid=%c,username=%u
auth.http.super_req.params = "clientid=%c,username=%u"
## HTTP URL API path for ACL Request
##
## Value: URL
##
## Examples: http://127.0.0.1:80/mqtt/acl, https://[::1]:80/mqtt/acl
auth.http.acl_req.url = http://127.0.0.1:80/mqtt/acl
auth.http.acl_req.url = "http://127.0.0.1:80/mqtt/acl"
## HTTP Request Method for ACL Request
##
@ -88,7 +88,7 @@ auth.http.acl_req.method = post
## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
##
## Examples: auth.http.acl_req.headers.accept = */*
auth.http.acl_req.headers.content-type = application/x-www-form-urlencoded
auth.http.acl_req.headers.content-type = "application/x-www-form-urlencoded"
## Parameters used to construct the request body or query string parameters
## When the request method is GET, these parameters will be converted into query string parameters
@ -105,7 +105,7 @@ auth.http.acl_req.headers.content-type = application/x-www-form-urlencoded
## - %d: subject of client TLS cert
##
## Value: <K1>=<V1>,<K2>=<V2>,...
auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
auth.http.acl_req.params = "access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m"
## Time-out time for the request.
##
@ -140,14 +140,14 @@ auth.http.pool_size = 32
## are used during server authentication and when building the client certificate chain.
##
## Value: File
## auth.http.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
## auth.http.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
## The path to a file containing the client's certificate.
##
## Value: File
## auth.http.ssl.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
## auth.http.ssl.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem"
## Path to a file containing the client's private PEM-encoded key.
##
## Value: File
## auth.http.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
## auth.http.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"

2
apps/emqx_auth_http/rebar.config
View File

@ -21,7 +21,7 @@
{profiles,
[{test,
[{deps,
[{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}},
[
{emqtt, {git, "https://github.com/emqx/emqtt", {tag, "v1.2.2"}}}
]}
]}

8
apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
View File

@ -10,13 +10,13 @@ auth.jwt.secret = emqxsecret
## RSA or ECDSA public key file.
##
## Value: File
#auth.jwt.pubkey = etc/certs/jwt_public_key.pem
#auth.jwt.pubkey = "etc/certs/jwt_public_key.pem"
## The JWKs server address
##
## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html
##
#auth.jwt.jwks = https://127.0.0.1:8080/jwks
#auth.jwt.jwks.endpoint = "https://127.0.0.1:8080/jwks"
## The JWKs refresh interval
##
@ -32,7 +32,7 @@ auth.jwt.from = password
## Enable to verify claims fields
##
## Value: on | off
auth.jwt.verify_claims = off
auth.jwt.verify_claims.enable = off
## The checklist of claims to validate
##
@ -46,4 +46,4 @@ auth.jwt.verify_claims = off
##
## For example, to verify that the username in the JWT payload is the same
## as the client (MQTT protocol) username
#auth.jwt.verify_claims.username = %u
#auth.jwt.verify_claims.username = "%u"

6
apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
View File

@ -4,7 +4,7 @@
{datatype, string}
]}.
{mapping, "auth.jwt.jwks", "emqx_auth_jwt.jwks", [
{mapping, "auth.jwt.jwks.endpoint", "emqx_auth_jwt.jwks", [
{datatype, string}
]}.
@ -26,7 +26,7 @@
{datatype, {enum, [raw, der]}}
]}.
{mapping, "auth.jwt.verify_claims", "emqx_auth_jwt.verify_claims", [
{mapping, "auth.jwt.verify_claims.enable", "emqx_auth_jwt.verify_claims", [
{default, off},
{datatype, flag}
]}.
@ -36,7 +36,7 @@
]}.
{translation, "emqx_auth_jwt.verify_claims", fun(Conf) ->
case cuttlefish:conf_get("auth.jwt.verify_claims", Conf) of
case cuttlefish:conf_get("auth.jwt.verify_claims.enable", Conf) of
false -> cuttlefish:unset();
true ->
lists:foldr(

2
apps/emqx_auth_jwt/rebar.config
View File

@ -20,6 +20,6 @@
{profiles,
[{test,
[{deps, [{emqx_ct_helpers, {git, "http://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}]}
[{deps, []}
]}
]}.

16
apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
View File

@ -5,7 +5,7 @@
## LDAP server list, seperated by ','.
##
## Value: String
auth.ldap.servers = 127.0.0.1
auth.ldap.servers = "127.0.0.1"
## LDAP server port.
##
@ -20,7 +20,7 @@ auth.ldap.pool = 8
## LDAP Bind DN.
##
## Value: DN
auth.ldap.bind_dn = cn=root,dc=emqx,dc=io
auth.ldap.bind_dn = "cn=root,dc=emqx,dc=io"
## LDAP Bind Password.
##
@ -37,7 +37,7 @@ auth.ldap.timeout = 30s
## Variables:
##
## Value: DN
auth.ldap.device_dn = ou=device,dc=emqx,dc=io
auth.ldap.device_dn = "ou=device,dc=emqx,dc=io"
## Specified ObjectClass
##
@ -63,15 +63,15 @@ auth.ldap.password.attributetype = userPassword
## Whether to enable SSL.
##
## Value: true | false
auth.ldap.ssl = false
auth.ldap.ssl.enable = false
#auth.ldap.ssl.certfile = etc/certs/cert.pem
#auth.ldap.ssl.certfile = "etc/certs/cert.pem"
#auth.ldap.ssl.keyfile = etc/certs/key.pem
#auth.ldap.ssl.keyfile = "etc/certs/key.pem"
#auth.ldap.ssl.cacertfile = etc/certs/cacert.pem
#auth.ldap.ssl.cacertfile = "etc/certs/cacert.pem"
#auth.ldap.ssl.verify = verify_peer
#auth.ldap.ssl.verify = "verify_peer"
#auth.ldap.ssl.fail_if_no_peer_cert = true

4
apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
View File

@ -31,7 +31,7 @@
{datatype, {duration, ms}}
]}.
{mapping, "auth.ldap.ssl", "emqx_auth_ldap.ldap", [
{mapping, "auth.ldap.ssl.enable", "emqx_auth_ldap.ldap", [
{default, false},
{datatype, {enum, [true, false]}}
]}.
@ -85,7 +85,7 @@
{bind_password, BindPassword},
{pool, Pool},
{auto_reconnect, 2}],
case cuttlefish:conf_get("auth.ldap.ssl", Conf) of
case cuttlefish:conf_get("auth.ldap.ssl.enable", Conf) of
true -> [{ssl, true}, {sslopts, Filter(SslOpts())}|Opts];
false -> [{ssl, false}|Opts]
end

2
apps/emqx_auth_ldap/rebar.config
View File

@ -4,7 +4,7 @@
{profiles,
[{test,
[{deps, [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}]}
[{deps, []}
]}
]}.

12
apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
View File

@ -10,12 +10,12 @@ auth.mnesia.password_hash = sha256
## Examples
##auth.client.1.clientid = id
##auth.client.1.password = passwd
##auth.client.2.clientid = dev:devid
##auth.client.2.clientid = "dev:devid"
##auth.client.2.password = passwd2
##auth.client.3.clientid = app:appid
##auth.client.3.clientid = "app:appid"
##auth.client.3.password = passwd3
##auth.client.4.clientid = client~!@#$%^&*()_+
##auth.client.4.password = passwd~!@#$%^&*()_+
##auth.client.4.clientid = "client~!@#$%^&*()_+"
##auth.client.4.password = "passwd~!@#$%^&*()_+"
##--------------------------------------------------------------------
## Username Authentication
@ -26,5 +26,5 @@ auth.mnesia.password_hash = sha256
##auth.user.1.password = public
##auth.user.2.username = feng@emqtt.io
##auth.user.2.password = public
##auth.user.3.username = name~!@#$%^&*()_+
##auth.user.3.password = pwsswd~!@#$%^&*()_+
##auth.user.3.username = "name~!@#$%^&*()_+"
##auth.user.3.password = "pwsswd~!@#$%^&*()_+"

32
apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
View File

@ -16,8 +16,8 @@ auth.mongo.type = single
##
## Value: String
##
## Examples: 127.0.0.1:27017,127.0.0.2:27017...
auth.mongo.server = 127.0.0.1:27017
## Examples: "127.0.0.1:27017,127.0.0.2:27017,..."
auth.mongo.server = "127.0.0.1:27017"
## MongoDB pool size
##
@ -53,7 +53,7 @@ auth.mongo.database = mqtt
## Whether to enable SSL connection.
##
## Value: on | off
## auth.mongo.ssl = off
## auth.mongo.ssl.enable = off
## SSL keyfile.
##
@ -102,17 +102,17 @@ auth.mongo.topology.max_overflow = 0
auth.mongo.auth_query.password_hash = sha256
## sha256 with salt suffix
## auth.mongo.auth_query.password_hash = sha256,salt
## auth.mongo.auth_query.password_hash = "sha256,salt"
## sha256 with salt prefix
## auth.mongo.auth_query.password_hash = salt,sha256
## auth.mongo.auth_query.password_hash = "salt,sha256"
## bcrypt with salt prefix
## auth.mongo.auth_query.password_hash = salt,bcrypt
## auth.mongo.auth_query.password_hash = "salt,bcrypt"
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
## auth.mongo.auth_query.password_hash = "pbkdf2,sha256,1000,20"
## Authentication query.
auth.mongo.auth_query.collection = mqtt_user
@ -131,15 +131,15 @@ auth.mongo.auth_query.password_field = password
## - %d: subject of client TLS cert
##
## auth.mongo.auth_query.selector = {Field}={Placeholder}
auth.mongo.auth_query.selector = username=%u
auth.mongo.auth_query.selector = "username=%u"
## -------------------------------------------------
## Super User Query
## -------------------------------------------------
auth.mongo.super_query.collection = mqtt_user
auth.mongo.super_query.super_field = is_superuser
#auth.mongo.super_query.selector = username=%u, clientid=%c
auth.mongo.super_query.selector = username=%u
#auth.mongo.super_query.selector.1 = username=%u, clientid=%c
auth.mongo.super_query.selector = "username=%u"
## ACL Selector.
##
@ -150,8 +150,8 @@ auth.mongo.super_query.selector = username=%u
##
## With following 2 selectors configured:
##
## auth.mongo.acl_query.selector.1 = username=%u
## auth.mongo.acl_query.selector.2 = username=$all
## auth.mongo.acl_query.selector.1 = "username=%u"
## auth.mongo.acl_query.selector.2 = "username=$all"
##
## And if a client connected using username 'ilyas',
## then the following mongo command will be used to
@ -165,8 +165,8 @@ auth.mongo.super_query.selector = username=%u
##
## Examples:
##
## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c
## auth.mongo.acl_query.selector.2 = username=$all
## auth.mongo.acl_query.selector.3 = clientid=$all
## auth.mongo.acl_query.selector.1 = "username=%u,clientid=%c"
## auth.mongo.acl_query.selector.2 = "username=$all"
## auth.mongo.acl_query.selector.3 = "clientid=$all"
auth.mongo.acl_query.collection = mqtt_acl
auth.mongo.acl_query.selector = username=%u
auth.mongo.acl_query.selector = "username=%u"

13
apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
View File

@ -45,7 +45,7 @@
{datatype, string}
]}.
{mapping, "auth.mongo.ssl", "emqx_auth_mongo.server", [
{mapping, "auth.mongo.ssl.enable", "emqx_auth_mongo.server", [
{default, off},
{datatype, {enum, [on, off, true, false]}} %% FIXME: ture/false is compatible with 4.0-4.2 version format, plan to delete in 5.0
]}.
@ -121,7 +121,6 @@
true -> [];
false -> [{r_mode, R}]
end,
Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
SslOpts = fun(Prefix) ->
Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
@ -130,8 +129,14 @@
end,
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
Ssl = case cuttlefish:conf_get("auth.mongo.ssl", Conf) of
on -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}];
GenSsl = case cuttlefish:conf_get("auth.mongo.ssl.cacertfile", Conf, undefined) of
undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
_ -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}]
end,
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
Ssl = case cuttlefish:conf_get("auth.mongo.ssl.enable", Conf) of
on -> GenSsl;
off -> [];
true -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
false -> []

18
apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
View File

@ -7,7 +7,7 @@
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306
auth.mysql.server = "127.0.0.1:3306"
## MySQL pool size.
##
@ -50,7 +50,7 @@ auth.mysql.database = mqtt
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
auth.mysql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
## Password hash.
@ -59,17 +59,17 @@ auth.mysql.auth_query = select password from mqtt_user where username = '%u' lim
auth.mysql.password_hash = sha256
## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256
## auth.mysql.password_hash = "salt,sha256"
## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt
## auth.mysql.password_hash = "salt,bcrypt"
## sha256 with salt suffix
## auth.mysql.password_hash = sha256,salt
## auth.mysql.password_hash = "sha256,salt"
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mysql.password_hash = pbkdf2,sha256,1000,20
## auth.mysql.password_hash = "pbkdf2,sha256,1000,20"
## Superuser query.
##
@ -81,7 +81,7 @@ auth.mysql.password_hash = sha256
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
auth.mysql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
## ACL query.
##
@ -93,12 +93,12 @@ auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u
## - %c: clientid
##
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
auth.mysql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
## Mysql ssl configuration.
##
## Value: on | off
#auth.mysql.ssl = off
## auth.mysql.ssl.enable = off
## CA certificate.
##

4
apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
View File

@ -30,7 +30,7 @@
{datatype, string}
]}.
{mapping, "auth.mysql.ssl", "emqx_auth_mysql.server", [
{mapping, "auth.mysql.ssl.enable", "emqx_auth_mysql.server", [
{default, off},
{datatype, flag}
]}.
@ -85,7 +85,7 @@
{keep_alive, true}],
Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
Options1 =
case cuttlefish:conf_get("auth.mysql.ssl", Conf) of
case cuttlefish:conf_get("auth.mysql.ssl.enable", Conf) of
true ->
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
CA = cuttlefish:conf_get(

2
apps/emqx_auth_pgsql/README.md
View File

@ -49,7 +49,7 @@ auth.pgsql.encoding = utf8
## Whether to enable SSL connection.
##
## Value: true | false
auth.pgsql.ssl = false
auth.pgsql.ssl.enable = false
## SSL keyfile.
##

20
apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
View File

@ -6,8 +6,8 @@
##
## Value: Port | IP:Port
##
## Examples: 5432, 127.0.0.1:5432, localhost:5432
auth.pgsql.server = 127.0.0.1:5432
## Examples: 5432, "127.0.0.1:5432", "localhost:5432"
auth.pgsql.server = "127.0.0.1:5432"
## PostgreSQL pool size.
##
@ -37,7 +37,7 @@ auth.pgsql.encoding = utf8
## Whether to enable SSL connection.
##
## Value: on | off
auth.pgsql.ssl = off
auth.pgsql.ssl.enable = off
## TLS version.
##
@ -72,7 +72,7 @@ auth.pgsql.ssl = off
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
auth.pgsql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
## Password hash.
##
@ -80,17 +80,17 @@ auth.pgsql.auth_query = select password from mqtt_user where username = '%u' lim
auth.pgsql.password_hash = sha256
## sha256 with salt prefix
## auth.pgsql.password_hash = salt,sha256
## auth.pgsql.password_hash = "salt,sha256"
## sha256 with salt suffix
## auth.pgsql.password_hash = sha256,salt
## auth.pgsql.password_hash = "sha256,salt"
## bcrypt with salt prefix
## auth.pgsql.password_hash = salt,bcrypt
## auth.pgsql.password_hash = "salt,bcrypt"
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
## auth.pgsql.password_hash = "pbkdf2,sha256,1000,20"
## Superuser query.
##
@ -102,7 +102,7 @@ auth.pgsql.password_hash = sha256
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
auth.pgsql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
## ACL query. Comment this query, the ACL will be disabled.
##
@ -114,4 +114,4 @@ auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u
## - %c: clientid
##
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
auth.pgsql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"

12
apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
View File

@ -30,7 +30,7 @@
{datatype, atom}
]}.
{mapping, "auth.pgsql.ssl", "emqx_auth_pgsql.server", [
{mapping, "auth.pgsql.ssl.enable", "emqx_auth_pgsql.server", [
{default, off},
{datatype, {enum, [on, off, true, false]}} %% FIXME: true/fasle is compatible with 4.0-4.2 version format, plan to delete in 5.0
]}.
@ -98,8 +98,14 @@
end,
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
Ssl = case cuttlefish:conf_get("auth.pgsql.ssl", Conf) of
on -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}];
GenSsl = case cuttlefish:conf_get("auth.pgsql.ssl.cacertfile", Conf, undefined) of
undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
_ -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}]
end,
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
Ssl = case cuttlefish:conf_get("auth.pgsql.ssl.enable", Conf) of
on -> GenSsl;
off -> [];
true -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
false -> []

32
apps/emqx_auth_redis/etc/emqx_auth_redis.conf
View File

@ -12,9 +12,9 @@ auth.redis.type = single
## Value: Port | IP:Port
##
## Single Redis Server: 127.0.0.1:6379, localhost:6379
## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
auth.redis.server = 127.0.0.1:6379
## Redis Sentinel: "127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379"
## Redis Cluster: "127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379"
auth.redis.server = "127.0.0.1:6379"
## Redis sentinel cluster name.
##
@ -52,10 +52,10 @@ auth.redis.database = 0
## - %d: subject of client TLS cert
##
## Examples:
## - HGET mqtt_user:%u password
## - HMGET mqtt_user:%u password
## - HMGET mqtt_user:%u password salt
auth.redis.auth_cmd = HMGET mqtt_user:%u password
## - "HGET mqtt_user:%u password"
## - "HMGET mqtt_user:%u password"
## - "HMGET mqtt_user:%u password salt"
auth.redis.auth_cmd = "HMGET mqtt_user:%u password"
## Password hash.
##
@ -63,17 +63,17 @@ auth.redis.auth_cmd = HMGET mqtt_user:%u password
auth.redis.password_hash = plain
## sha256 with salt prefix
## auth.redis.password_hash = salt,sha256
## auth.redis.password_hash = "salt,sha256"
## sha256 with salt suffix
## auth.redis.password_hash = sha256,salt
## auth.redis.password_hash = "sha256,salt"
## bcrypt with salt prefix
## auth.redis.password_hash = salt,bcrypt
## auth.redis.password_hash = "salt,bcrypt"
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.redis.password_hash = pbkdf2,sha256,1000,20
## auth.redis.password_hash = "pbkdf2,sha256,1000,20"
## Superuser query command.
##
@ -84,7 +84,7 @@ auth.redis.password_hash = plain
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
auth.redis.super_cmd = "HGET mqtt_user:%u is_superuser"
## ACL query command.
##
@ -93,12 +93,12 @@ auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
## Variables:
## - %u: username
## - %c: clientid
auth.redis.acl_cmd = HGETALL mqtt_acl:%u
auth.redis.acl_cmd = "HGETALL mqtt_acl:%u"
## Redis ssl configuration.
##
## Value: on | off
#auth.redis.ssl = off
# auth.redis.ssl.enable = off
## CA certificate.
##
@ -108,10 +108,10 @@ auth.redis.acl_cmd = HGETALL mqtt_acl:%u
## Client ssl certificate.
##
## Value: File
#auth.redis.ssl.certfile = path/to/your/certfile
# auth.redis.ssl.certfile = path/to/your/certfile
## Client ssl keyfile.
##
## Value: File
#auth.redis.ssl.keyfile = path/to/your/keyfile
# auth.redis.ssl.keyfile = path/to/your/keyfile

22
apps/emqx_auth_redis/priv/emqx_auth_redis.schema
View File

@ -33,7 +33,7 @@
hidden
]}.
{mapping, "auth.redis.ssl", "emqx_auth_redis.options", [
{mapping, "auth.redis.ssl.enable", "emqx_auth_redis.options", [
{default, off},
{datatype, flag}
]}.
@ -50,26 +50,8 @@
{datatype, string}
]}.
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
{mapping, "auth.redis.cafile", "emqx_auth_redis.options", [
{default, ""},
{datatype, string}
]}.
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
{mapping, "auth.redis.certfile", "emqx_auth_redis.options", [
{default, ""},
{datatype, string}
]}.
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
{mapping, "auth.redis.keyfile", "emqx_auth_redis.options", [
{default, ""},
{datatype, string}
]}.
{translation, "emqx_auth_redis.options", fun(Conf) ->
Ssl = cuttlefish:conf_get("auth.redis.ssl", Conf, false),
Ssl = cuttlefish:conf_get("auth.redis.ssl.enable", Conf, false),
Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
case Ssl of
true ->

36
apps/emqx_bridge_mqtt/README.md
View File

@ -53,13 +53,13 @@ The following is the basic configuration of RPC bridging. A simplest RPC bridgin
```
## Bridge Address: Use node name (nodename@host) for rpc bridging, and host:port for mqtt connection
bridge.mqtt.emqx2.address = emqx2@192.168.1.2
bridge.mqtt.emqx2.address = "emqx2@192.168.1.2"
## Forwarding topics of the message
bridge.mqtt.emqx2.forwards = sensor1/#,sensor2/#
bridge.mqtt.emqx2.forwards = "sensor1/#,sensor2/#"
## bridged mountpoint
bridge.mqtt.emqx2.mountpoint = bridge/emqx2/${node}/
bridge.mqtt.emqx2.mountpoint = "bridge/emqx2/${node}/"
```
If the messages received by the local node emqx1 matches the topic `sersor1/#` or `sensor2/#`, these messages will be forwarded to the `sensor1/#` or `sensor2/#` topic of the remote node emqx2.
@ -82,66 +82,66 @@ EMQ X MQTT bridging principle: Create an MQTT client on the EMQ X broker, and co
```
## Bridge Address: Use node name for rpc bridging, use host:port for mqtt connection
bridge.mqtt.emqx2.address = 192.168.1.2:1883
bridge.mqtt.emqx2.address = "192.168.1.2:1883"
## Bridged Protocol Version
## Enumeration value: mqttv3 | mqttv4 | mqttv5
bridge.mqtt.emqx2.proto_ver = mqttv4
bridge.mqtt.emqx2.proto_ver = "mqttv4"
## mqtt client's clientid
bridge.mqtt.emqx2.clientid = bridge_emq
bridge.mqtt.emqx2.clientid = "bridge_emq"
## mqtt client's clean_start field
## Note: Some MQTT Brokers need to set the clean_start value as `true`
bridge.mqtt.emqx2.clean_start = true
## mqtt client's username field
bridge.mqtt.emqx2.username = user
bridge.mqtt.emqx2.username = "user"
## mqtt client's password field
bridge.mqtt.emqx2.password = passwd
bridge.mqtt.emqx2.password = "passwd"
## Whether the mqtt client uses ssl to connect to a remote serve or not
bridge.mqtt.emqx2.ssl = off
## CA Certificate of Client SSL Connection (PEM format)
bridge.mqtt.emqx2.cacertfile = etc/certs/cacert.pem
bridge.mqtt.emqx2.cacertfile = "etc/certs/cacert.pem"
## SSL certificate of Client SSL connection
bridge.mqtt.emqx2.certfile = etc/certs/client-cert.pem
bridge.mqtt.emqx2.certfile = "etc/certs/client-cert.pem"
## Key file of Client SSL connection
bridge.mqtt.emqx2.keyfile = etc/certs/client-key.pem
bridge.mqtt.emqx2.keyfile = "etc/certs/client-key.pem"
## SSL encryption
bridge.mqtt.emqx2.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384
bridge.mqtt.emqx2.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384"
## TTLS PSK password
## Note 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot be configured at the same time
##
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
## bridge.mqtt.emqx2.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
## bridge.mqtt.emqx2.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
## Client's heartbeat interval
bridge.mqtt.emqx2.keepalive = 60s
## Supported TLS version
bridge.mqtt.emqx2.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
bridge.mqtt.emqx2.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## Forwarding topics of the message
bridge.mqtt.emqx2.forwards = sensor1/#,sensor2/#
bridge.mqtt.emqx2.forwards = "sensor1/#,sensor2/#"
## Bridged mountpoint
bridge.mqtt.emqx2.mountpoint = bridge/emqx2/${node}/
bridge.mqtt.emqx2.mountpoint = "bridge/emqx2/${node}/"
## Subscription topic for bridging
bridge.mqtt.emqx2.subscription.1.topic = cmd/topic1
bridge.mqtt.emqx2.subscription.1.topic = "cmd/topic1"
## Subscription qos for bridging
bridge.mqtt.emqx2.subscription.1.qos = 1
## Subscription topic for bridging
bridge.mqtt.emqx2.subscription.2.topic = cmd/topic2
bridge.mqtt.emqx2.subscription.2.topic = "cmd/topic2"
## Subscription qos for bridging
bridge.mqtt.emqx2.subscription.2.qos = 1

44
apps/emqx_bridge_mqtt/docs/guide.rst
View File

@ -39,7 +39,7 @@ In EMQ X, bridge is configured by modifying ``etc/emqx.conf``. EMQ X distinguish
.. code-block::
## Bridge address: node name for local bridge, host:port for remote.
bridge.mqtt.aws.address = 127.0.0.1:1883
bridge.mqtt.aws.address = "127.0.0.1:1883"
This configuration declares a bridge named ``aws`` and specifies that it is bridged to the MQTT broker of 127.0.0.1:1883 by MQTT mode.
@ -69,13 +69,13 @@ The following is the basic configuration of RPC bridging. A simplest RPC bridgin
.. code-block::
## Bridge Address: Use node name (nodename@host) for rpc bridging, and host:port for mqtt connection
bridge.mqtt.emqx2.address = emqx2@192.168.1.2
bridge.mqtt.emqx2.address = "emqx2@192.168.1.2"
## Forwarding topics of the message
bridge.mqtt.emqx2.forwards = sensor1/#,sensor2/#
bridge.mqtt.emqx2.forwards = "sensor1/#,sensor2/#"
## bridged mountpoint
bridge.mqtt.emqx2.mountpoint = bridge/emqx2/${node}/
bridge.mqtt.emqx2.mountpoint = "bridge/emqx2/${node}/"
If the messages received by the local node emqx1 matches the topic ``sersor1/#`` or ``sensor2/#``\ , these messages will be forwarded to the ``sensor1/#`` or ``sensor2/#`` topic of the remote node emqx2.
@ -86,10 +86,10 @@ If the messages received by the local node emqx1 matches the topic ``sersor1/#``
Limitations of RPC bridging:
#.
#.
The RPC bridge of emqx can only forward local messages to the remote node, and cannot synchronize the messages of the remote node to the local node;
#.
#.
RPC bridge can only bridge two EMQ X broker together and cannot bridge EMQ X broker to other MQTT brokers.
EMQ X MQTT Bridge Configuration
@ -102,66 +102,66 @@ EMQ X MQTT bridging principle: Create an MQTT client on the EMQ X broker, and co
.. code-block::
## Bridge Address: Use node name for rpc bridging, use host:port for mqtt connection
bridge.mqtt.emqx2.address = 192.168.1.2:1883
bridge.mqtt.emqx2.address = "192.168.1.2:1883"
## Bridged Protocol Version
## Enumeration value: mqttv3 | mqttv4 | mqttv5
bridge.mqtt.emqx2.proto_ver = mqttv4
bridge.mqtt.emqx2.proto_ver = "mqttv4"
## mqtt client's clientid
bridge.mqtt.emqx2.clientid = bridge_emq
bridge.mqtt.emqx2.clientid = "bridge_emq"
## mqtt client's clean_start field
## Note: Some MQTT Brokers need to set the clean_start value as `true`
bridge.mqtt.emqx2.clean_start = true
## mqtt client's username field
bridge.mqtt.emqx2.username = user
bridge.mqtt.emqx2.username = "user"
## mqtt client's password field
bridge.mqtt.emqx2.password = passwd
bridge.mqtt.emqx2.password = "passwd"
## Whether the mqtt client uses ssl to connect to a remote serve or not
bridge.mqtt.emqx2.ssl = off
## CA Certificate of Client SSL Connection (PEM format)
bridge.mqtt.emqx2.cacertfile = etc/certs/cacert.pem
bridge.mqtt.emqx2.cacertfile = "etc/certs/cacert.pem"
## SSL certificate of Client SSL connection
bridge.mqtt.emqx2.certfile = etc/certs/client-cert.pem
bridge.mqtt.emqx2.certfile = "etc/certs/client-cert.pem"
## Key file of Client SSL connection
bridge.mqtt.emqx2.keyfile = etc/certs/client-key.pem
bridge.mqtt.emqx2.keyfile = "etc/certs/client-key.pem"
## TTLS PSK password
## Note 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot be configured at the same time
##
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
## bridge.mqtt.emqx2.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
## bridge.mqtt.emqx2.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
## Client's heartbeat interval
bridge.mqtt.emqx2.keepalive = 60s
## Supported TLS version
bridge.mqtt.emqx2.tls_versions = tlsv1.2
bridge.mqtt.emqx2.tls_versions = "tlsv1.2"
## SSL encryption
bridge.mqtt.emqx2.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384
bridge.mqtt.emqx2.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384"
## Forwarding topics of the message
bridge.mqtt.emqx2.forwards = sensor1/#,sensor2/#
bridge.mqtt.emqx2.forwards = "sensor1/#,sensor2/#"
## Bridged mountpoint
bridge.mqtt.emqx2.mountpoint = bridge/emqx2/${node}/
bridge.mqtt.emqx2.mountpoint = "bridge/emqx2/${node}/"
## Subscription topic for bridging
bridge.mqtt.emqx2.subscription.1.topic = cmd/topic1
bridge.mqtt.emqx2.subscription.1.topic = "cmd/topic1"
## Subscription qos for bridging
bridge.mqtt.emqx2.subscription.1.qos = 1
## Subscription topic for bridging
bridge.mqtt.emqx2.subscription.2.topic = cmd/topic2
bridge.mqtt.emqx2.subscription.2.topic = "cmd/topic2"
## Subscription qos for bridging
bridge.mqtt.emqx2.subscription.2.qos = 1
@ -190,7 +190,7 @@ The bridge of EMQ X has a message caching mechanism. The caching mechanism is ap
bridge.mqtt.emqx2.queue.batch_bytes_limit = 1000MB
## The path for placing replayq queue. If it is not specified, then replayq will run in `mem-only` mode and messages will not be cached on disk.
bridge.mqtt.emqx2.queue.replayq_dir = data/emqx_emqx2_bridge/
bridge.mqtt.emqx2.queue.replayq_dir = "data/emqx_emqx2_bridge/"
## Replayq data segment size
bridge.mqtt.emqx2.queue.replayq_seg_bytes = 10MB

28
apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
View File

@ -9,8 +9,8 @@
## Bridge address: node name for local bridge, host:port for remote.
##
## Value: String
## Example: emqx@127.0.0.1, 127.0.0.1:1883
bridge.mqtt.aws.address = 127.0.0.1:1883
## Example: emqx@127.0.0.1, "127.0.0.1:1883"
bridge.mqtt.aws.address = "127.0.0.1:1883"
## Protocol version of the bridge.
##
@ -65,18 +65,18 @@ bridge.mqtt.aws.password = passwd
## Topics that need to be forward to AWS IoTHUB
##
## Value: String
## Example: topic1/#,topic2/#
bridge.mqtt.aws.forwards = topic1/#,topic2/#
## Example: "topic1/#,topic2/#"
bridge.mqtt.aws.forwards = "topic1/#,topic2/#"
## Forward messages to the mountpoint of an AWS IoTHUB
##
## Value: String
bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/
bridge.mqtt.aws.forward_mountpoint = "bridge/aws/${node}/"
## Need to subscribe to AWS topics
##
## Value: String
## bridge.mqtt.aws.subscription.1.topic = cmd/topic1
## bridge.mqtt.aws.subscription.1.topic = "cmd/topic1"
## Need to subscribe to AWS topics QoS.
##
@ -86,7 +86,7 @@ bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/
## A mountpoint that receives messages from AWS IoTHUB
##
## Value: String
## bridge.mqtt.aws.receive_mountpoint = receive/aws/
## bridge.mqtt.aws.receive_mountpoint = "receive/aws/"
## Bribge to remote server via SSL.
@ -97,28 +97,28 @@ bridge.mqtt.aws.ssl = off
## PEM-encoded CA certificates of the bridge.
##
## Value: File
bridge.mqtt.aws.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
bridge.mqtt.aws.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
## Client SSL Certfile of the bridge.
##
## Value: File
bridge.mqtt.aws.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
bridge.mqtt.aws.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem"
## Client SSL Keyfile of the bridge.
##
## Value: File
bridge.mqtt.aws.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
bridge.mqtt.aws.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
## SSL Ciphers used by the bridge.
##
## Value: String
bridge.mqtt.aws.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
bridge.mqtt.aws.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## Ciphers for TLS PSK.
## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#bridge.mqtt.aws.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
#bridge.mqtt.aws.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
## Ping interval of a down bridge.
##
@ -130,7 +130,7 @@ bridge.mqtt.aws.keepalive = 60s
##
## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
## Value: String
bridge.mqtt.aws.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
bridge.mqtt.aws.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## Bridge reconnect time.
##
@ -160,7 +160,7 @@ bridge.mqtt.aws.max_inflight_size = 32
## replayq works in a mem-only manner.
##
## Value: String
bridge.mqtt.aws.queue.replayq_dir = {{ platform_data_dir }}/replayq/emqx_aws_bridge/
bridge.mqtt.aws.queue.replayq_dir = "{{ platform_data_dir }}/replayq/emqx_aws_bridge/"
## Replayq segment size
##

24
apps/emqx_coap/etc/emqx_coap.conf
View File

@ -4,13 +4,13 @@
## The IP and UDP port that CoAP bind with.
##
## Default: 0.0.0.0:5683
## Default: "0.0.0.0:5683"
##
## Examples:
## coap.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
## coap.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683"
##
coap.bind.udp.1 = 0.0.0.0:5683
##coap.bind.udp.2 = 0.0.0.0:6683
coap.bind.udp.1 = "0.0.0.0:5683"
##coap.bind.udp.2 = "0.0.0.0:6683"
## Whether to enable statistics for CoAP clients.
##
@ -23,13 +23,13 @@ coap.enable_stats = off
## The DTLS port that CoAP is listening on.
##
## Default: 0.0.0.0:5684
## Default: "0.0.0.0:5684"
##
## Examples:
## coap.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
## coap.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684"
##
coap.bind.dtls.1 = 0.0.0.0:5684
##coap.bind.dtls.2 = 0.0.0.0:6684
coap.bind.dtls.1 = "0.0.0.0:5684"
##coap.bind.dtls.2 = "0.0.0.0:6684"
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
@ -43,17 +43,17 @@ coap.bind.dtls.1 = 0.0.0.0:5684
## Private key file for DTLS
##
## Value: File
coap.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
coap.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Server certificate for DTLS.
##
## Value: File
coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
coap.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
## PEM-encoded CA certificates for DTLS
##
## Value: File
## coap.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## coap.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
@ -79,4 +79,4 @@ coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
coap.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
coap.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"

4
apps/emqx_coap/rebar.config
View File

@ -21,8 +21,6 @@
{profiles,
[{test,
[{deps,
[{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}},
{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}
]}
[{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}}]}
]}
]}.

8
apps/emqx_exhook/etc/emqx_exhook.conf
View File

@ -8,8 +8,8 @@
## The gRPC server url
##
## exhook.server.$name.url = url()
exhook.server.default.url = http://127.0.0.1:9000
exhook.server.default.url = "http://127.0.0.1:9000"
#exhook.server.default.ssl.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
#exhook.server.default.ssl.certfile = {{ platform_etc_dir }}/certs/cert.pem
#exhook.server.default.ssl.keyfile = {{ platform_etc_dir }}/certs/key.pem
#exhook.server.default.ssl.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
#exhook.server.default.ssl.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
#exhook.server.default.ssl.keyfile = "{{ platform_etc_dir }}/certs/key.pem"

3
apps/emqx_exhook/rebar.config
View File

@ -41,7 +41,6 @@
{profiles,
[{test,
[{deps,
[{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.3.1"}}}
]}
[]}
]}
]}.

30
apps/emqx_exproto/etc/emqx_exproto.conf
View File

@ -5,9 +5,9 @@
exproto.server.http.port = 9100
exproto.server.https.port = 9101
exproto.server.https.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
exproto.server.https.certfile = {{ platform_etc_dir }}/certs/cert.pem
exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem
exproto.server.https.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
exproto.server.https.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
exproto.server.https.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
##--------------------------------------------------------------------
## Listeners
@ -20,12 +20,12 @@ exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem
##
## Value: <tcp|ssl|udp|dtls>://<ip>:<port>
##
## Examples: tcp://0.0.0.0:7993 | ssl://127.0.0.1:7994
exproto.listener.protoname = tcp://0.0.0.0:7993
## Examples: "tcp://0.0.0.0:7993" | "ssl://127.0.0.1:7994"
exproto.listener.protoname.endpoint = "tcp://0.0.0.0:7993"
## The ConnectionHandler server address
##
exproto.listener.protoname.connection_handler_url = http://127.0.0.1:9001
exproto.listener.protoname.connection_handler_url = "http://127.0.0.1:9001"
#exproto.listener.protoname.connection_handler_certfile =
#exproto.listener.protoname.connection_handler_cacertfile =
@ -62,8 +62,8 @@ exproto.listener.protoname.idle_timeout = 30s
##
## Value: ACL Rule
##
## Example: allow 192.168.0.0/24
exproto.listener.protoname.access.1 = allow all
## Example: "allow 192.168.0.0/24"
exproto.listener.protoname.access.1 = "allow all"
## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
@ -146,27 +146,27 @@ exproto.listener.protoname.reuseaddr = true
## See: http://erlang.org/doc/man/ssl.html
##
## Value: String, seperated by ','
#exproto.listener.protoname.tls_versions = tlsv1.2,tlsv1.1,tlsv1
#exproto.listener.protoname.tls_versions = "tlsv1.2,tlsv1.1,tlsv1"
## Path to the file containing the user's private PEM-encoded key.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
#exproto.listener.protoname.keyfile = {{ platform_etc_dir }}/certs/key.pem
#exproto.listener.protoname.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Path to a file containing the user certificate.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
#exproto.listener.protoname.certfile = {{ platform_etc_dir }}/certs/cert.pem
#exproto.listener.protoname.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
#exproto.listener.protoname.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
#exproto.listener.protoname.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
## The Ephemeral Diffie-Helman key exchange is a very effective way of
## ensuring Forward Secrecy by exchanging a set of keys that never hit
@ -183,7 +183,7 @@ exproto.listener.protoname.reuseaddr = true
## openssl dhparam -out dh-params.pem 2048
##
## Value: File
#exproto.listener.protoname.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
#exproto.listener.protoname.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
@ -218,13 +218,13 @@ exproto.listener.protoname.reuseaddr = true
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
#exproto.listener.protoname.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
#exproto.listener.protoname.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## Ciphers for TLS PSK.
## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#exproto.listener.protoname.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
#exproto.listener.protoname.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
## SSL parameter renegotiation is a feature that allows a client and a server
## to renegotiate the parameters of the SSL connection on the fly.

6
apps/emqx_exproto/priv/emqx_exproto.schema
View File

@ -44,7 +44,7 @@ end}.
%%--------------------------------------------------------------------
%% Listeners
{mapping, "exproto.listener.$proto", "emqx_exproto.listeners", [
{mapping, "exproto.listener.$proto.endpoint", "emqx_exproto.listeners", [
{datatype, string}
]}.
@ -340,7 +340,7 @@ end}.
Listeners = fun(Proto) ->
Prefix = string:join(["exproto","listener", Proto], "."),
Opts = HandlerOpts(Prefix) ++ ConnOpts(Prefix) ++ LisOpts(Prefix),
case cuttlefish:conf_get(Prefix, Conf, undefined) of
case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of
undefined -> [];
ListenOn0 ->
case ParseListenOn(ListenOn0) of
@ -359,6 +359,6 @@ end}.
end
end
end,
lists:flatten([Listeners(Proto) || {[_, "listener", Proto], ListenOn}
lists:flatten([Listeners(Proto) || {[_, "listener", Proto, "endpoint"], ListenOn}
<- cuttlefish_variable:filter_by_prefix("exproto.listener", Conf)])
end}.

3
apps/emqx_exproto/rebar.config
View File

@ -44,7 +44,6 @@
{profiles,
[{test,
[{deps,
[{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.3.0"}}}
]}
[]}
]}
]}.

40
apps/emqx_lwm2m/etc/emqx_lwm2m.conf
View File

@ -21,25 +21,25 @@ lwm2m.lifetime_max = 86400s
# Placeholders supported:
# '%e': Endpoint Name
# '%a': IP Address
lwm2m.mountpoint = lwm2m/%e/
lwm2m.mountpoint = "lwm2m/%e/"
# The topic subscribed by the lwm2m client after it is connected
# Placeholders supported:
# '%e': Endpoint Name
# '%a': IP Address
lwm2m.topics.command = dn/#
lwm2m.topics.command = "dn/#"
# The topic to which the lwm2m client's response is published
lwm2m.topics.response = up/resp
lwm2m.topics.response = "up/resp"
# The topic to which the lwm2m client's notify message is published
lwm2m.topics.notify = up/notify
lwm2m.topics.notify = "up/notify"
# The topic to which the lwm2m client's register message is published
lwm2m.topics.register = up/resp
lwm2m.topics.register = "up/resp"
# The topic to which the lwm2m client's update message is published
lwm2m.topics.update = up/resp
lwm2m.topics.update = "up/resp"
# When publish the update message.
#
@ -51,18 +51,18 @@ lwm2m.topics.update = up/resp
#lwm2m.update_msg_publish_condition = contains_object_list
# Dir where the object definition files can be found
lwm2m.xml_dir = {{ platform_etc_dir }}/lwm2m_xml
lwm2m.xml_dir = "{{ platform_etc_dir }}/lwm2m_xml"
##--------------------------------------------------------------------
## UDP Listener options
## The IP and port of the LwM2M Gateway
##
## Default: 0.0.0.0:5683
## Default: "0.0.0.0:5683"
## Examples:
## lwm2m.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
lwm2m.bind.udp.1 = 0.0.0.0:5683
#lwm2m.bind.udp.2 = 0.0.0.0:6683
## lwm2m.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683"
lwm2m.bind.udp.1 = "0.0.0.0:5683"
#lwm2m.bind.udp.2 = "0.0.0.0:6683"
## Socket options, used for performance tuning
##
@ -79,13 +79,13 @@ lwm2m.opts.read_packets = 20
## The DTLS port that LwM2M is listening on.
##
## Default: 0.0.0.0:5684
## Default: "0.0.0.0:5684"
##
## Examples:
## lwm2m.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
## lwm2m.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684"
##
lwm2m.bind.dtls.1 = 0.0.0.0:5684
#lwm2m.bind.dtls.2 = 0.0.0.0:6684
lwm2m.bind.dtls.1 = "0.0.0.0:5684"
#lwm2m.bind.dtls.2 = "0.0.0.0:6684"
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
@ -99,17 +99,17 @@ lwm2m.bind.dtls.1 = 0.0.0.0:5684
## Private key file for DTLS
##
## Value: File
lwm2m.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
lwm2m.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Server certificate for DTLS.
##
## Value: File
lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
lwm2m.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
## PEM-encoded CA certificates for DTLS
##
## Value: File
#lwm2m.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
#lwm2m.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
@ -135,11 +135,11 @@ lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
lwm2m.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## Ciphers for TLS PSK.
##
## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#lwm2m.dtls.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
#lwm2m.dtls.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"

1
apps/emqx_lwm2m/rebar.config
View File

@ -5,7 +5,6 @@
{profiles,
[{test,
[{deps, [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}},
{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}},
{emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.0"}}}
]}
]}

2
apps/emqx_prometheus/etc/emqx_prometheus.conf
View File

@ -5,7 +5,7 @@
## The Prometheus Push Gateway URL address
##
## Note: You can comment out this line to disable it
prometheus.push.gateway.server = http://127.0.0.1:9091
prometheus.push.gateway.server = "http://127.0.0.1:9091"
## The metrics data push interval (millisecond)
##

4
apps/emqx_psk_file/etc/emqx_psk_file.conf
View File

@ -1,2 +1,2 @@
psk.file.path = {{ platform_etc_dir }}/psk.txt
psk.file.delimiter = :
psk.file.path = "{{ platform_etc_dir }}/psk.txt"
psk.file.delimiter = ":"

2
apps/emqx_retainer/etc/emqx_retainer.conf
View File

@ -37,5 +37,5 @@ retainer.max_payload_size = 1MB
## - 30m: 30 minutes
## - 20s: 20 seconds
##
## Defaut: 0
## Default: 0
retainer.expiry_interval = 0

2
apps/emqx_retainer/rebar.config
View File

@ -18,7 +18,7 @@
{profiles,
[{test,
[{deps,
[{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}},
[
{emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3"}}}]}
]}
]}.

2
apps/emqx_rule_engine/etc/emqx_rule_engine.conf
View File

@ -32,7 +32,7 @@ rule_engine.ignore_sys_message = on
##
## QoS-Level: qos0/qos1/qos2
#rule_engine.events.client_connected = on, qos1
#rule_engine.events.client_connected = "on, qos1"
rule_engine.events.client_connected = off
rule_engine.events.client_disconnected = off
rule_engine.events.session_subscribed = off

4
apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl
View File

@ -2530,7 +2530,7 @@ start_apps() ->
[start_apps(App, SchemaFile, ConfigFile) ||
{App, SchemaFile, ConfigFile}
<- [{emqx, deps_path(emqx, "priv/emqx.schema"),
deps_path(emqx, "etc/emqx.conf")},
deps_path(emqx, "etc/emqx.conf.rendered")},
{emqx_rule_engine, local_path("priv/emqx_rule_engine.schema"),
local_path("etc/emqx_rule_engine.conf")}]].
@ -2542,7 +2542,7 @@ start_apps(App, SchemaFile, ConfigFile) ->
read_schema_configs(App, SchemaFile, ConfigFile) ->
ct:pal("Read configs - SchemaFile: ~p, ConfigFile: ~p", [SchemaFile, ConfigFile]),
Schema = cuttlefish_schema:files([SchemaFile]),
Conf = conf_parse:file(ConfigFile),
{ok, Conf} = hocon:load(ConfigFile, #{format => proplists}),
NewConfig = cuttlefish_generator:map(Schema, Conf),
Vals = proplists:get_value(App, NewConfig, []),
[application:set_env(App, Par, Value) || {Par, Value} <- Vals].

6
apps/emqx_sn/etc/emqx_sn.conf
View File

@ -6,7 +6,7 @@
##
## Value: IP:Port | Port
##
## Examples: 1884, 127.0.0.1:1884, ::1:1884
## Examples: 1884, "127.0.0.1:1884", "::1:1884"
mqtt.sn.port = 1884
## The duration that emqx-sn broadcast ADVERTISE message through.
@ -37,8 +37,8 @@ mqtt.sn.idle_timeout = 30s
## The pre-defined topic name corresponding to the pre-defined topic id of N.
## Note that the pre-defined topic id of 0 is reserved.
mqtt.sn.predefined.topic.0 = reserved
mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice
mqtt.sn.predefined.topic.1 = "/predefined/topic/name/hello"
mqtt.sn.predefined.topic.2 = "/predefined/topic/name/nice"
## Default username for MQTT-SN. This parameter is optional. If specified,
## emq-sn will connect EMQ core with this username. It is useful if any auth

24
apps/emqx_sn/priv/emqx_sn.schema
View File

@ -1,23 +1,19 @@
%%-*- mode: erlang -*-
%% emqx_sn config mapping
{mapping, "mqtt.sn.port", "emqx_sn.port", [
{default, "1884"},
{datatype, string}
{default, 1884},
{datatype, [integer, ip]}
]}.
{translation, "emqx_sn.port", fun(Conf) ->
case re:split(cuttlefish:conf_get("mqtt.sn.port", Conf, ""), ":", [{return, list}]) of
[Port] ->
{{0,0,0,0}, list_to_integer(Port)};
Tokens ->
Port = lists:last(Tokens),
IP = case inet:parse_address(lists:flatten(lists:join(":", Tokens -- [Port]))) of
{error, Reason} ->
throw({invalid_ip_address, Reason});
{ok, X} -> X
end,
Port1 = list_to_integer(Port),
{IP, Port1}
case cuttlefish:conf_get("mqtt.sn.port", Conf, undefined) of
Port when is_integer(Port) ->
{{0,0,0,0}, Port};
{Ip, Port} ->
case inet:parse_address(Ip) of
{ok ,R} -> {R, Port};
_ -> {Ip, Port}
end
end
end}.

3
apps/emqx_sn/rebar.config
View File

@ -2,8 +2,7 @@
{plugins, [rebar3_proper]}.
{deps,
[{esockd, {git, "https://github.com/emqx/esockd", {tag, "5.7.4"}}},
{cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}}
[{esockd, {git, "https://github.com/emqx/esockd", {tag, "5.7.4"}}}
]}.
{edoc_opts, [{preprocess, true}]}.

14
apps/emqx_stomp/etc/emqx_stomp.conf
View File

@ -8,7 +8,7 @@
## The Port that stomp listener will bind.
##
## Value: Port
stomp.listener = 61613
stomp.listener.port = 61613
## The acceptor pool for stomp listener.
##
@ -28,22 +28,22 @@ stomp.listener.max_connections = 512
## Path to the file containing the user's private PEM-encoded key.
##
## Value: File
## stomp.listener.keyfile = etc/certs/key.pem
## stomp.listener.keyfile = "etc/certs/key.pem"
## Path to a file containing the user certificate.
##
## Value: File
## stomp.listener.certfile = etc/certs/cert.pem
## stomp.listener.certfile = "etc/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates.
##
## Value: File
## stomp.listener.cacertfile = etc/certs/cacert.pem
## stomp.listener.cacertfile = "etc/certs/cacert.pem"
## See: 'listener.ssl.<name>.dhfile' in emq.conf
##
## Value: File
## stomp.listener.dhfile = etc/certs/dh-params.pem
## stomp.listener.dhfile = "etc/certs/dh-params.pem"
## See: 'listener.ssl.<name>.verify' in emq.conf
##
@ -59,7 +59,7 @@ stomp.listener.max_connections = 512
##
## Value: String, seperated by ','
## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
## stomp.listener.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
## stomp.listener.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## SSL Handshake timeout.
##
@ -69,7 +69,7 @@ stomp.listener.max_connections = 512
## See: 'listener.ssl.<name>.ciphers' in emq.conf
##
## Value: Ciphers
## stomp.listener.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## stomp.listener.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
##

4
apps/emqx_stomp/priv/emqx_stomp.schema
View File

@ -1,7 +1,7 @@
%%-*- mode: erlang -*-
%% emqx_stomp config mapping
{mapping, "stomp.listener", "emqx_stomp.listener", [
{mapping, "stomp.listener.port", "emqx_stomp.listener", [
{default, 61613},
{datatype, [integer, ip]}
]}.
@ -72,7 +72,7 @@
]}.
{translation, "emqx_stomp.listener", fun(Conf) ->
Port = cuttlefish:conf_get("stomp.listener", Conf),
Port = cuttlefish:conf_get("stomp.listener.port", Conf),
Acceptors = cuttlefish:conf_get("stomp.listener.acceptors", Conf),
MaxConnections = cuttlefish:conf_get("stomp.listener.max_connections", Conf),
Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,

6
apps/emqx_telemetry/etc/emqx_telemetry.conf
View File

@ -13,8 +13,8 @@ telemetry.enabled = true
##
## Value: String
##
## Default: https://telemetry.emqx.io/api/telemetry
telemetry.url = https://telemetry.emqx.io/api/telemetry
## Default: "https://telemetry.emqx.io/api/telemetry"
telemetry.url = "https://telemetry.emqx.io/api/telemetry"
## Interval for reporting telemetry data
##
@ -25,4 +25,4 @@ telemetry.url = https://telemetry.emqx.io/api/telemetry
## -s: second
##
## Default: 7d
telemetry.report_interval = 7d
telemetry.report_interval = 7d

32
apps/emqx_web_hook/etc/emqx_web_hook.conf
View File

@ -5,16 +5,16 @@
## Webhook URL
##
## Value: String
web.hook.url = http://127.0.0.1:80
web.hook.url = "http://127.0.0.1:80"
## HTTP Headers
##
## Example:
## 1. web.hook.headers.content-type = application/json
## 2. web.hook.headers.accept = *
## 1. web.hook.headers.content-type = "application/json"
## 2. web.hook.headers.accept = "*"
##
## Value: String
web.hook.headers.content-type = application/json
web.hook.headers.content-type = "application/json"
## The encoding format of the payload field in the HTTP body
## The payload field only appears in the on_message_publish and on_message_delivered actions
@ -54,15 +54,15 @@ web.hook.pool_size = 32
##
## Format:
## web.hook.rule.<HookName>.<No> = <Spec>
#web.hook.rule.client.connect.1 = {"action": "on_client_connect"}
#web.hook.rule.client.connack.1 = {"action": "on_client_connack"}
#web.hook.rule.client.connected.1 = {"action": "on_client_connected"}
#web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"}
#web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"}
#web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"}
#web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"}
#web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
#web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"}
#web.hook.rule.message.publish.1 = {"action": "on_message_publish"}
#web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"}
#web.hook.rule.message.acked.1 = {"action": "on_message_acked"}
#web.hook.rule.client.connect.1 = "{"action": "on_client_connect"}"
#web.hook.rule.client.connack.1 = "{"action": "on_client_connack"}"
#web.hook.rule.client.connected.1 = "{"action": "on_client_connected"}"
#web.hook.rule.client.disconnected.1 = "{"action": "on_client_disconnected"}"
#web.hook.rule.client.subscribe.1 = "{"action": "on_client_subscribe"}"
#web.hook.rule.client.unsubscribe.1 = "{"action": "on_client_unsubscribe"}"
#web.hook.rule.session.subscribed.1 = "{"action": "on_session_subscribed"}"
#web.hook.rule.session.unsubscribed.1 = "{"action": "on_session_unsubscribed"}"
#web.hook.rule.session.terminated.1 = "{"action": "on_session_terminated"}"
#web.hook.rule.message.publish.1 = "{"action": "on_message_publish"}"
#web.hook.rule.message.delivered.1 = "{"action": "on_message_delivered"}"
#web.hook.rule.message.acked.1 = ""{"action": "on_message_acked"}"

2
apps/emqx_web_hook/rebar.config
View File

@ -17,4 +17,4 @@
warnings_as_errors, deprecated_functions]}.
{cover_enabled, true}.
{cover_opts, [verbose]}.
{cover_export_enabled, true}.
{cover_export_enabled, true}.

4
bin/emqx
View File

@ -258,7 +258,7 @@ if [ -z "$NAME_ARG" ]; then
# check if there is a node running, inspect its name
# shellcheck disable=SC2009 # pgrep does not support Extended Regular Expressions
[ -z "$NODENAME" ] && NODENAME=$(ps -ef | grep -E '\-progname\s.*emqx\s' | grep -o -E '\-name (\S*)' | awk '{print $2}')
[ -z "$NODENAME" ] && NODENAME=$(grep -E '^[ \t]*node.name[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2-)
[ -z "$NODENAME" ] && NODENAME=$(grep -E '^[ \t]*node.name[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2- | tr -d '"')
if [ -z "$NODENAME" ]; then
echoerr "vm.args needs to have a -name parameter."
echoerr " -sname is not supported."
@ -283,7 +283,7 @@ if [ -z "$COOKIE_ARG" ]; then
# check if there is a node running, steal its cookie
# shellcheck disable=SC2009 # pgrep does not support Extended Regular Expressions
[ -z "$COOKIE" ] && COOKIE=$(ps -ef | grep -E '\-progname\s.*emqx\s' | grep -o -E '\-setcookie (\S*)' | awk '{print $2}')
[ -z "$COOKIE" ] && COOKIE=$(grep -E '^[ \t]*node.cookie[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2-)
[ -z "$COOKIE" ] && COOKIE=$(grep -E '^[ \t]*node.cookie[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2- | tr -d '"')
if [ -z "$COOKIE" ]; then
echoerr "vm.args needs to have a -setcookie parameter."
echoerr "please check $RUNNER_ETC_DIR/emqx.conf"

4
bin/emqx_ctl
View File

@ -37,7 +37,7 @@ if [ -z "$NAME_ARG" ]; then
# check if there is a node running, inspect its name
# shellcheck disable=SC2009 # pgrep does not support Extended Regular Expressions
[ -z "$NODENAME" ] && NODENAME=$(ps -ef | grep -E '\progname\s.*emqx\s' | grep -o -E '\-name (\S*)' | awk '{print $2}')
[ -z "$NODENAME" ] && NODENAME=$(grep -E '^[ \t]*node.name[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2-)
[ -z "$NODENAME" ] && NODENAME=$(grep -E '^[ \t]*node.name[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2- | tr -d '"')
if [ -z "$NODENAME" ]; then
echoerr "vm.args needs to have a -name parameter."
echoerr " -sname is not supported."
@ -58,7 +58,7 @@ if [ -z "$COOKIE_ARG" ]; then
# check if there is a node running, steal its cookie
# shellcheck disable=SC2009 # pgrep does not support Extended Regular Expressions
[ -z "$COOKIE" ] && COOKIE=$(ps -ef | grep -E '\-progname\s.*emqx\s' | grep -o -E '\-setcookie (\S*)' | awk '{print $2}')
[ -z "$COOKIE" ] && COOKIE=$(grep -E '^[ \t]*node.cookie[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2-)
[ -z "$COOKIE" ] && COOKIE=$(grep -E '^[ \t]*node.cookie[ \t]*=[ \t]*' "$RUNNER_ETC_DIR/emqx.conf" 2> /dev/null | tail -1 | cut -d = -f 2- | tr -d '"')
if [ -z "$COOKIE" ]; then
echoerr "vm.args needs to have a -setcookie parameter."
echoerr "please check $RUNNER_ETC_DIR/emqx.conf"

162
etc/emqx.conf
View File

@ -58,7 +58,7 @@ cluster.autoclean = 5m
## Node list of the cluster.
##
## Value: String
## cluster.static.seeds = emqx1@127.0.0.1,emqx2@127.0.0.1
## cluster.static.seeds = "emqx1@127.0.0.1,emqx2@127.0.0.1"
##--------------------------------------------------------------------
## Cluster using IP Multicast.
@ -66,19 +66,19 @@ cluster.autoclean = 5m
## IP Multicast Address.
##
## Value: IP Address
## cluster.mcast.addr = 239.192.0.1
## cluster.mcast.addr = "239.192.0.1"
## Multicast Ports.
##
## Value: Port List
## cluster.mcast.ports = 4369,4370
## cluster.mcast.ports = "4369,4370"
## Multicast Iface.
##
## Value: Iface Address
##
## Default: 0.0.0.0
## cluster.mcast.iface = 0.0.0.0
## Default: "0.0.0.0"
## cluster.mcast.iface = "0.0.0.0"
## Multicast Ttl.
##
@ -109,7 +109,7 @@ cluster.autoclean = 5m
## Etcd server list, seperated by ','.
##
## Value: String
## cluster.etcd.server = http://127.0.0.1:2379
## cluster.etcd.server = "http://127.0.0.1:2379"
## The prefix helps build nodes path in etcd. Each node in the cluster
## will create a path in etcd: v2/keys/<prefix>/<cluster.name>/<node.name>
@ -127,18 +127,18 @@ cluster.autoclean = 5m
## Path to a file containing the client's private PEM-encoded key.
##
## Value: File
## cluster.etcd.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
## cluster.etcd.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
## The path to a file containing the client's certificate.
##
## Value: File
## cluster.etcd.ssl.certfile = {{ platform_etc_dir }}/certs/client.pem
## cluster.etcd.ssl.certfile = "{{ platform_etc_dir }}/certs/client.pem"
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
## cluster.etcd.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
## cluster.etcd.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
##--------------------------------------------------------------------
## Cluster using Kubernetes
@ -146,7 +146,7 @@ cluster.autoclean = 5m
## Kubernetes API server list, seperated by ','.
##
## Value: String
## cluster.k8s.apiserver = http://10.110.111.204:8080
## cluster.k8s.apiserver = "http://10.110.111.204:8080"
## The service name helps lookup EMQ nodes in the cluster.
##
@ -184,17 +184,17 @@ cluster.autoclean = 5m
## Value: <name>@<host>
##
## Default: emqx@127.0.0.1
node.name = emqx@127.0.0.1
node.name = "emqx@127.0.0.1"
## Cookie for distributed node communication.
##
## Value: String
node.cookie = emqxsecretcookie
node.cookie = "emqxsecretcookie"
## Data dir for the node
##
## Value: Folder
node.data_dir = {{ platform_data_dir }}
node.data_dir = "{{ platform_data_dir }}"
## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
## heartbeat, or set the value as 'on'
@ -271,14 +271,14 @@ node.global_gc_interval = 15m
## Crash dump log file.
##
## Value: Log file
node.crash_dump = {{ platform_log_dir }}/crash.dump
node.crash_dump = "{{ platform_log_dir }}/crash.dump"
## Specify SSL Options in the file if using SSL for Erlang Distribution.
##
## Value: File
##
## vm.args: -ssl_dist_optfile <File>
## node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf"
## Sets the net_kernel tick time. TickTime is specified in seconds.
## Notice that all communicating nodes are to have the same TickTime
@ -427,7 +427,7 @@ log.level = warning
## The dir for log files.
##
## Value: Folder
log.dir = {{ platform_log_dir }}
log.dir = "{{ platform_log_dir }}"
## The log filename for logs of level specified in "log.level".
##
@ -450,7 +450,7 @@ log.file = emqx.log
##
## Value: on | off
## Default: on
log.rotation = on
log.rotation.enable = on
## Maximum size of each log file.
##
@ -569,7 +569,7 @@ log.rotation.count = 5
## Value: MaxBurstCount,TimeWindow
## Default: disabled
##
#log.burst_limit = 20000, 1s
#log.burst_limit = "20000, 1s"
##--------------------------------------------------------------------
## Authentication/Access Control
@ -589,7 +589,7 @@ acl_nomatch = allow
## Default ACL File.
##
## Value: File Name
acl_file = {{ platform_etc_dir }}/acl.conf
acl_file = "{{ platform_etc_dir }}/acl.conf"
## Whether to enable ACL cache.
##
@ -623,7 +623,7 @@ acl_deny_action = ignore
## 3. banned interval: the banned interval if a flapping is detected.
##
## Value: Integer,Duration,Duration
flapping_detect_policy = 30, 1m, 5m
flapping_detect_policy = "30, 1m, 5m"
##--------------------------------------------------------------------
## MQTT Protocol
@ -722,7 +722,7 @@ zone.external.acl_deny_action = ignore
## messages | bytes passed through.
##
## Numbers delimited by `|'. Zero or negative is to disable.
zone.external.force_gc_policy = 16000|16MB
zone.external.force_gc_policy = "16000|16MB"
## Max message queue length and total heap size to force shutdown
## connection/session process.
@ -732,9 +732,9 @@ zone.external.force_gc_policy = 16000|16MB
## Numbers delimited by `|'. Zero or negative is to disable.
##
## Default:
## - 10000|64MB on ARCH_64 system
## - 1000|32MB on ARCH_32 sytem
#zone.external.force_shutdown_policy = 10000|64MB
## - "10000|64MB" on ARCH_64 system
## - "1000|32MB" on ARCH_32 sytem
#zone.external.force_shutdown_policy = "10000|64MB"
## Maximum MQTT packet size allowed.
##
@ -840,7 +840,7 @@ zone.external.max_mqueue_len = 1000
## are treated equal
##
## Priority number [1-255]
## Example: topic/1=10,topic/2=8
## Example: "topic/1=10,topic/2=8"
## NOTE: comma and equal signs are not allowed for priority topic names
## NOTE: messages for topics not in the priority table are treated as
## either highest or lowest priority depending on the configured
@ -867,29 +867,29 @@ zone.external.enable_flapping_detect = off
##
## Value: Number,Duration
## Example: 100 messages per 10 seconds.
#zone.external.rate_limit.conn_messages_in = 100,10s
#zone.external.rate_limit.conn_messages_in = "100,10s"
## Bytes limit for a external MQTT connections.
##
## Value: Number,Duration
## Example: 100KB incoming per 10 seconds.
#zone.external.rate_limit.conn_bytes_in = 100KB,10s
#zone.external.rate_limit.conn_bytes_in = "100KB,10s"
## Messages quota for the each of external MQTT connection.
## This value consumed by the number of recipient on a message.
##
## Value: Number, Duration
##
## Example: 100 messaegs per 1s
#zone.external.quota.conn_messages_routing = 100,1s
## Example: 100 messages per 1s
#zone.external.quota.conn_messages_routing = "100,1s"
## Messages quota for the all of external MQTT connections.
## This value consumed by the number of recipient on a message.
##
## Value: Number, Duration
##
## Example: 200000 messaegs per 1s
#zone.external.quota.overall_messages_routing = 200000,1s
## Example: 200000 messages per 1s
#zone.external.quota.overall_messages_routing = "200000,1s"
## All the topics will be prefixed with the mountpoint path if this option is enabled.
##
@ -898,7 +898,7 @@ zone.external.enable_flapping_detect = off
## - %u: username
##
## Value: String
## zone.external.mountpoint = devicebound/
## zone.external.mountpoint = "devicebound/"
## Whether use username replace client id
##
@ -943,7 +943,7 @@ zone.internal.enable_acl = off
zone.internal.acl_deny_action = ignore
## See zone.$name.force_gc_policy
## zone.internal.force_gc_policy = 128000|128MB
## zone.internal.force_gc_policy = "128000|128MB"
## See zone.$name.wildcard_subscription.
##
@ -988,8 +988,8 @@ zone.internal.enable_flapping_detect = off
## See zone.$name.force_shutdown_policy
##
## Default:
## - 10000|64MB on ARCH_64 system
## - 1000|32MB on ARCH_32 sytem
## - "10000|64MB" on ARCH_64 system
## - "1000|32MB" on ARCH_32 sytem
#zone.internal.force_shutdown_policy = 10000|64MB
## All the topics will be prefixed with the mountpoint path if this option is enabled.
@ -999,7 +999,7 @@ zone.internal.enable_flapping_detect = off
## - %u: username
##
## Value: String
## zone.internal.mountpoint = cloudbound/
## zone.internal.mountpoint = "cloudbound/"
## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
##
@ -1033,8 +1033,8 @@ zone.internal.bypass_auth_plugins = true
##
## Value: IP:Port | Port
##
## Examples: 1883, 127.0.0.1:1883, ::1:1883
listener.tcp.external = 0.0.0.0:1883
## Examples: 1883, "127.0.0.1:1883", "::1:1883"
listener.tcp.external.endpoint = "0.0.0.0:1883"
## The acceptor pool for external MQTT/TCP listener.
##
@ -1069,8 +1069,8 @@ listener.tcp.external.zone = external
##
## Value: ACL Rule
##
## Example: allow 192.168.0.0/24
listener.tcp.external.access.1 = allow all
## Example: "allow 192.168.0.0/24"
listener.tcp.external.access.1 = "allow all"
## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
@ -1173,8 +1173,8 @@ listener.tcp.external.reuseaddr = true
##
## Value: IP:Port, Port
##
## Examples: 11883, 127.0.0.1:11883, ::1:11883
listener.tcp.internal = 127.0.0.1:11883
## Examples: 11883, "127.0.0.1:11883", "::1:11883"
listener.tcp.internal.endpoint = "127.0.0.1:11883"
## The acceptor pool for internal MQTT/TCP listener.
##
@ -1270,8 +1270,8 @@ listener.tcp.internal.reuseaddr = true
##
## Value: IP:Port | Port
##
## Examples: 8883, 127.0.0.1:8883, ::1:8883
listener.ssl.external = 8883
## Examples: 8883, "127.0.0.1:8883", "::1:8883"
listener.ssl.external.endpoint = 8883
## The acceptor pool for external MQTT/SSL listener.
##
@ -1303,7 +1303,7 @@ listener.ssl.external.zone = external
## See: listener.tcp.$name.access
##
## Value: ACL Rule
listener.ssl.external.access.1 = allow all
listener.ssl.external.access.1 = "allow all"
## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
## HAProxy or Nginx.
@ -1326,7 +1326,7 @@ listener.ssl.external.access.1 = allow all
##
## Value: String, seperated by ','
## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
## listener.ssl.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
## listener.ssl.external.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## TLS Handshake timeout.
##
@ -1350,20 +1350,20 @@ listener.ssl.external.handshake_timeout = 15s
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
listener.ssl.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Path to a file containing the user certificate.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
listener.ssl.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
## listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## listener.ssl.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
## The Ephemeral Diffie-Helman key exchange is a very effective way of
## ensuring Forward Secrecy by exchanging a set of keys that never hit
@ -1380,7 +1380,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## openssl dhparam -out dh-params.pem 2048
##
## Value: File
## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
@ -1415,14 +1415,13 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
listener.ssl.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
listener.ssl.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## Ciphers for TLS PSK.
## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
#listener.ssl.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
## SSL parameter renegotiation is a feature that allows a client and a server
## to renegotiate the parameters of the SSL connection on the fly.
@ -1532,13 +1531,13 @@ listener.ssl.external.reuseaddr = true
##
## Value: IP:Port | Port
##
## Examples: 8083, 127.0.0.1:8083, ::1:8083
listener.ws.external = 8083
## Examples: 8083, "127.0.0.1:8083", "::1:8083"
listener.ws.external.endpoint = 8083
## The path of WebSocket MQTT endpoint
##
## Value: URL Path
listener.ws.external.mqtt_path = /mqtt
listener.ws.external.mqtt_path = "/mqtt"
## The acceptor pool for external MQTT/WebSocket listener.
##
@ -1570,7 +1569,7 @@ listener.ws.external.zone = external
## See: listener.ws.$name.access
##
## Value: ACL Rule
listener.ws.external.access.1 = allow all
listener.ws.external.access.1 = "allow all"
## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
## Set to false for WeChat MiniApp.
@ -1581,7 +1580,7 @@ listener.ws.external.access.1 = allow all
## Supported subprotocols
##
## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
## listener.ws.external.supported_protocols = mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
## listener.ws.external.supported_protocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
## HAProxy or Nginx.
@ -1741,7 +1740,7 @@ listener.ws.external.allow_origin_absence = true
## Comma separated list of allowed origin in header for websocket connection
##
## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083
listener.ws.external.check_origins = http://localhost:18083, http://127.0.0.1:18083
listener.ws.external.check_origins = "http://localhost:18083, http://127.0.0.1:18083"
##--------------------------------------------------------------------
## External WebSocket/SSL listener for MQTT Protocol
@ -1751,13 +1750,13 @@ listener.ws.external.check_origins = http://localhost:18083, http://127.0.0.1:18
##
## Value: IP:Port | Port
##
## Examples: 8084, 127.0.0.1:8084, ::1:8084
listener.wss.external = 8084
## Examples: 8084, "127.0.0.1:8084", "::1:8084"
listener.wss.external.endpoint = 8084
## The path of WebSocket MQTT endpoint
##
## Value: URL Path
listener.wss.external.mqtt_path = /mqtt
listener.wss.external.mqtt_path = "/mqtt"
## The acceptor pool for external MQTT/WebSocket/SSL listener.
##
@ -1791,7 +1790,7 @@ listener.wss.external.zone = external
## See: listener.tcp.$name.access.<no>
##
## Value: ACL Rule
listener.wss.external.access.1 = allow all
listener.wss.external.access.1 = "allow all"
## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
## Set to false for WeChat MiniApp.
@ -1802,7 +1801,7 @@ listener.wss.external.access.1 = allow all
## Supported subprotocols
##
## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
## listener.wss.external.supported_protocols = mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
## listener.wss.external.supported_protocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
## Enable the Proxy Protocol V1/2 support.
##
@ -1824,28 +1823,28 @@ listener.wss.external.access.1 = allow all
##
## Value: String, seperated by ','
## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
## listener.wss.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
## listener.wss.external.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## Path to the file containing the user's private PEM-encoded key.
##
## See: listener.ssl.$name.keyfile
##
## Value: File
listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
listener.wss.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Path to a file containing the user certificate.
##
## See: listener.ssl.$name.certfile
##
## Value: File
listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
listener.wss.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates.
##
## See: listener.ssl.$name.cacert
##
## Value: File
## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## listener.wss.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
## Maximum number of non-self-issued intermediate certificates that
## can follow the peer certificate in a valid certification path.
@ -1866,7 +1865,7 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## See: listener.ssl.$name.dhfile
##
## Value: File
## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
## See: listener.ssl.$name.verify
##
@ -1881,13 +1880,13 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## See: listener.ssl.$name.ciphers
##
## Value: Ciphers
listener.wss.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
listener.wss.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## Ciphers for TLS PSK.
## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
## listener.wss.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
## listener.wss.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
## See: listener.ssl.$name.secure_renegotiate
##
@ -2046,7 +2045,7 @@ listener.wss.external.allow_origin_absence = true
## Comma separated list of allowed origin in header for secure websocket connection
##
## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
listener.wss.external.check_origins = https://localhost:8084, https://127.0.0.1:8084
listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
##--------------------------------------------------------------------
## Modules
@ -2054,7 +2053,7 @@ listener.wss.external.check_origins = https://localhost:8084, https://127.0.0.1:
## The file to store loaded module names.
##
## Value: File
modules.loaded_file = {{ platform_data_dir }}/loaded_modules
modules.loaded_file = "{{ platform_data_dir }}/loaded_modules"
##--------------------------------------------------------------------
## Presence Module
@ -2070,7 +2069,7 @@ module.presence.qos = 1
## Subscribe the Topics automatically when client connected.
##
## Value: String
## module.subscription.1.topic = connected/%c/%u
## module.subscription.1.topic = "connected/%c/%u"
## Qos of the proxy subscription.
##
@ -2103,8 +2102,8 @@ module.presence.qos = 1
## Rewrite Module
## {rewrite, Topic, Re, Dest}
## module.rewrite.pub.rule.1 = x/# ^x/y/(.+)$ z/y/$1
## module.rewrite.sub.rule.1 = y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2
## module.rewrite.pub.rule.1 = "x/# ^x/y/(.+)$ z/y/$1"
## module.rewrite.sub.rule.1 = "y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2"
##-------------------------------------------------------------------
## Plugins
@ -2113,17 +2112,17 @@ module.presence.qos = 1
## The etc dir for plugins' config.
##
## Value: Folder
plugins.etc_dir = {{ platform_etc_dir }}/plugins/
plugins.etc_dir = "{{ platform_etc_dir }}/plugins/"
## The file to store loaded plugin names.
##
## Value: File
plugins.loaded_file = {{ platform_data_dir }}/loaded_plugins
plugins.loaded_file = "{{ platform_data_dir }}/loaded_plugins"
## The directory of extension plugins.
##
## Value: File
plugins.expand_plugins_dir = {{ platform_plugins_dir }}/
plugins.expand_plugins_dir = "{{ platform_plugins_dir }}/"
##--------------------------------------------------------------------
## Broker
@ -2213,7 +2212,6 @@ sysmon.long_gc = 0
## Examples:
## - 2h: 2 hours
## - 30m: 30 minutes
## - 0.1s: 0.1 seconds
## - 100ms: 100 milliseconds
##
## Default: 0ms
@ -2305,8 +2303,8 @@ vm_mon.process_low_watermark = 60%
## - log
## - publish
##
## Default: log,publish
alarm.actions = log,publish
## Default: "log,publish"
alarm.actions = "log,publish"
## The maximum number of deactivated alarms
##

16
lib-ce/emqx_dashboard/etc/emqx_dashboard.conf
View File

@ -20,7 +20,7 @@ dashboard.default_user.password = public
## Value: Port
##
## Examples: 18083
dashboard.listener.http = 18083
dashboard.listener.http.port = 18083
## The acceptor pool for external Dashboard HTTP listener.
##
@ -50,7 +50,7 @@ dashboard.listener.http.ipv6_v6only = false
## Value: Port
##
## Examples: 18084
## dashboard.listener.https = 18084
## dashboard.listener.https.port = 18084
## The acceptor pool for external Dashboard HTTPS listener.
##
@ -75,22 +75,22 @@ dashboard.listener.http.ipv6_v6only = false
## Path to the file containing the user's private PEM-encoded key.
##
## Value: File
## dashboard.listener.https.keyfile = etc/certs/key.pem
## dashboard.listener.https.keyfile = "etc/certs/key.pem"
## Path to a file containing the user certificate.
##
## Value: File
## dashboard.listener.https.certfile = etc/certs/cert.pem
## dashboard.listener.https.certfile = "etc/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates.
##
## Value: File
## dashboard.listener.https.cacertfile = etc/certs/cacert.pem
## dashboard.listener.https.cacertfile = "etc/certs/cacert.pem"
## See: 'listener.ssl.<name>.dhfile' in emq.conf
##
## Value: File
## dashboard.listener.https.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## dashboard.listener.https.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
## See: 'listener.ssl.<name>.verify' in emq.conf
##
@ -106,12 +106,12 @@ dashboard.listener.http.ipv6_v6only = false
##
## Value: String, seperated by ','
## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
## dashboard.listener.https.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
## dashboard.listener.https.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## See: 'listener.ssl.<name>.ciphers' in emq.conf
##
## Value: Ciphers
## dashboard.listener.https.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## dashboard.listener.https.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
##

6
lib-ce/emqx_dashboard/priv/emqx_dashboard.schema
View File

@ -10,7 +10,7 @@
{override_env, "ADMIN_PASSWORD"}
]}.
{mapping, "dashboard.listener.http", "emqx_dashboard.listeners", [
{mapping, "dashboard.listener.http.port", "emqx_dashboard.listeners", [
{datatype, integer}
]}.
@ -38,7 +38,7 @@
{datatype, {enum, [true, false]}}
]}.
{mapping, "dashboard.listener.https", "emqx_dashboard.listeners", [
{mapping, "dashboard.listener.https.port", "emqx_dashboard.listeners", [
{datatype, integer}
]}.
@ -139,7 +139,7 @@
lists:map(
fun(Proto) ->
Prefix = "dashboard.listener." ++ atom_to_list(Proto),
case cuttlefish:conf_get(Prefix, Conf, undefined) of
case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of
undefined -> [];
Port ->
[{Proto, Port, case Proto of

14
lib-ce/emqx_management/etc/emqx_management.conf
View File

@ -23,7 +23,7 @@ management.default_application.secret = public
##--------------------------------------------------------------------
## HTTP Listener
management.listener.http = 8081
management.listener.http.port = 8081
management.listener.http.acceptors = 2
management.listener.http.max_clients = 512
management.listener.http.backlog = 512
@ -35,19 +35,19 @@ management.listener.http.ipv6_v6only = false
##--------------------------------------------------------------------
## HTTPS Listener
## management.listener.https = 8081
## management.listener.https.port = 8081
## management.listener.https.acceptors = 2
## management.listener.https.max_clients = 512
## management.listener.https.backlog = 512
## management.listener.https.send_timeout = 15s
## management.listener.https.send_timeout_close = on
## management.listener.https.certfile = etc/certs/cert.pem
## management.listener.https.keyfile = etc/certs/key.pem
## management.listener.https.cacertfile = etc/certs/cacert.pem
## management.listener.https.certfile = "etc/certs/cert.pem"
## management.listener.https.keyfile = "etc/certs/key.pem"
## management.listener.https.cacertfile = "etc/certs/cacert.pem"
## management.listener.https.verify = verify_peer
## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
## management.listener.https.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
## management.listener.https.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## management.listener.https.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
## management.listener.https.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## management.listener.https.fail_if_no_peer_cert = true
## management.listener.https.inet6 = false
## management.listener.https.ipv6_v6only = false

6
lib-ce/emqx_management/priv/emqx_management.schema
View File

@ -21,7 +21,7 @@
{datatype, string}
]}.
{mapping, "management.listener.http", "emqx_management.listeners", [
{mapping, "management.listener.http.port", "emqx_management.listeners", [
{datatype, [integer, ip]}
]}.
@ -85,7 +85,7 @@
{datatype, {enum, [true, false]}}
]}.
{mapping, "management.listener.https", "emqx_management.listeners", [
{mapping, "management.listener.https.port", "emqx_management.listeners", [
{datatype, [integer, ip]}
]}.
@ -225,7 +225,7 @@ end}.
lists:foldl(
fun(Proto, Acc) ->
Prefix = "management.listener." ++ atom_to_list(Proto),
case cuttlefish:conf_get(Prefix, Conf, undefined) of
case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of
undefined -> Acc;
Port ->
[{Proto, Port, TcpOpts(Prefix) ++ Opts(Prefix)

22
priv/emqx.schema
View File

@ -483,7 +483,7 @@ end}.
{datatype, integer}
]}.
{mapping, "log.rotation", "kernel.logger", [
{mapping, "log.rotation.enable", "kernel.logger", [
{default, on},
{datatype, flag}
]}.
@ -577,7 +577,7 @@ end}.
{translation, "kernel.logger", fun(Conf) ->
LogTo = cuttlefish:conf_get("log.to", Conf),
LogLevel = cuttlefish:conf_get("log.level", Conf),
LogType = case cuttlefish:conf_get("log.rotation", Conf) of
LogType = case cuttlefish:conf_get("log.rotation.enable", Conf) of
true -> wrap;
false -> halt
end,
@ -1167,7 +1167,7 @@ end}.
%%--------------------------------------------------------------------
%% TCP Listeners
{mapping, "listener.tcp.$name", "emqx.listeners", [
{mapping, "listener.tcp.$name.endpoint", "emqx.listeners", [
{datatype, [integer, ip]}
]}.
@ -1272,7 +1272,7 @@ end}.
%%--------------------------------------------------------------------
%% SSL Listeners
{mapping, "listener.ssl.$name", "emqx.listeners", [
{mapping, "listener.ssl.$name.endpoint", "emqx.listeners", [
{datatype, [integer, ip]}
]}.
@ -1440,7 +1440,7 @@ end}.
%%--------------------------------------------------------------------
%% MQTT/WebSocket Listeners
{mapping, "listener.ws.$name", "emqx.listeners", [
{mapping, "listener.ws.$name.endpoint", "emqx.listeners", [
{datatype, [integer, ip]}
]}.
@ -1620,7 +1620,7 @@ end}.
%%--------------------------------------------------------------------
%% MQTT/WebSocket/SSL Listeners
{mapping, "listener.wss.$name", "emqx.listeners", [
{mapping, "listener.wss.$name.endpoint", "emqx.listeners", [
{datatype, [integer, ip]}
]}.
@ -1866,7 +1866,6 @@ end}.
]}.
{translation, "emqx.listeners", fun(Conf) ->
Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
Atom = fun(undefined) -> undefined; (S) -> list_to_atom(S) end,
@ -2006,7 +2005,7 @@ end}.
TcpListeners = fun(Type, Name) ->
Prefix = string:join(["listener", Type, Name], "."),
ListenOnN = case cuttlefish:conf_get(Prefix, Conf, undefined) of
ListenOnN = case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of
undefined -> [];
ListenOn ->
case ListenOn of
@ -2030,7 +2029,7 @@ end}.
end,
SslListeners = fun(Type, Name) ->
Prefix = string:join(["listener", Type, Name], "."),
case cuttlefish:conf_get(Prefix, Conf, undefined) of
case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of
undefined ->
[];
ListenOn ->
@ -2046,12 +2045,11 @@ end}.
]
end
end,
lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name], ListenOn}
lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name, "endpoint"], ListenOn}
<- cuttlefish_variable:filter_by_prefix("listener.tcp", Conf)
++ cuttlefish_variable:filter_by_prefix("listener.ws", Conf)]
++
[SslListeners(Type, Name) || {["listener", Type, Name], ListenOn}
[SslListeners(Type, Name) || {["listener", Type, Name, "endpoint"], ListenOn}
<- cuttlefish_variable:filter_by_prefix("listener.ssl", Conf)
++ cuttlefish_variable:filter_by_prefix("listener.wss", Conf)])
end}.

2
rebar.config
View File

@ -43,7 +43,7 @@
, {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.8.0"}}}
, {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.8.0"}}}
, {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.0"}}}
, {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.1.0"}}}
, {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {branch, "hocon"}}}
, {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.3"}}}
, {ecpool, {git, "https://github.com/emqx/ecpool", {tag, "0.5.0"}}}
, {replayq, {git, "https://github.com/emqx/replayq", {tag, "0.3.1"}}}

2
rebar.config.erl
View File

@ -55,7 +55,7 @@ test_plugins() ->
test_deps() ->
[ {bbmustache, "1.10.0"}
, {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.3.6"}}}
, {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {branch, "hocon"}}}
, meck
].

8
test/emqx_listeners_SUITE.erl
View File

@ -67,14 +67,16 @@ mustache_vars() ->
generate_config() ->
Schema = cuttlefish_schema:files([local_path(["priv", "emqx.schema"])]),
ConfFile = render_config_file(),
Conf = conf_parse:file(ConfFile),
{ok, Conf} = hocon:load(ConfFile, #{format => proplists}),
cuttlefish_generator:map(Schema, Conf).
set_app_env({App, Lists}) ->
lists:foreach(fun({acl_file, _Var}) ->
application:set_env(App, acl_file, local_path(["etc", "acl.conf"]));
({plugins_loaded_file, _Var}) ->
application:set_env(App, plugins_loaded_file, local_path(["test", "emqx_SUITE_data","loaded_plugins"]));
application:set_env(App,
plugins_loaded_file,
local_path(["test", "emqx_SUITE_data","loaded_plugins"]));
({Par, Var}) ->
application:set_env(App, Par, Var)
end, Lists).
@ -91,4 +93,4 @@ get_base_dir(Module) ->
get_base_dir() ->
get_base_dir(?MODULE).

8
test/emqx_plugins_SUITE_data/emqx_mini_plugin/rebar.config
View File

@ -15,11 +15,3 @@
{cover_enabled, true}.
{cover_opts, [verbose]}.
{cover_export_enabled, true}.
{profiles,
[{test, [
{deps, [ {emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.1.4"}}}
, {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}}
]}
]}
]}.